Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

What is spear phishing and how to avoid it

spear-phishing-blog-header

about the author

Share this post

Spear Phishing… just like phishing but a bit more direct


We have all heard by now of the term phishing and how it works, where a generic email is sent with an encrypted URL or attachment and when it’s clicked “BOOM”… you have been caught. But, what we are seeing now is an up rise in spear phishing.

Spear phishing is technically the same but with a more direct and targeted approach. The hackers will spend time looking into an individual or a small group of people’s own lives, interests and job role and create an email which seems legitimate and interesting, interesting enough to click. And if that one person clicks which activates the malware, this can spread and cause damaging effects within the
business.

The Federal Bureau of Investigation conducted detailed research in to spear phishing and reported that most spear phishing is directed at businesses who use “wire transfers as a common method of transferring funds for business purposes”. This is also known as the BEC Scam which is defined as a “…sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or
computer intrusion techniques to conduct unauthorized transfers of funds.”


•  Combined exposed dollar loss = $3,086,250,090.
•  Since January 2015, there has been a 1,300% increase in identified exposed losses
•  Fraudulent transfers have been sent to 79 countries with the majority going to Asian
    banks located within China and Hong Kong.
•  Domestic and International victims total to 22,143

Here’s a quick look into how “phishermen” target and catch


Facebook- Your updates can give away quite a lot about you as a person. Your spending habits, your dog’s name, a photo of you recently on holiday in Greece or the purchase of your lovely new car. The phishers can create a believable email asking you to review your recent holiday or to buy discounted dog food which has your dog’s name on it, which would include a link filled with malware. We aren’t saying you must never update anything ever again, but be mindful and think before you post or click!


Twitter- Your twitter is full of hashtags, #sister #bestfriend #family… and usually connected with these are tags of people names, locations and even images. This makes it easy for the phishers to create a “hide behind” persona. If you received an email with your sister’s name on it, you would automatically think it’s ok and would never think it’s a phishing email but unfortunately, sometimes they are.


LinkedIn- You have your image, your business title, the business name, all connected employees and everything that you are interested in is viewable. The phishers can use this against you and to
manipulate you. Isn’t that a scary thought? Everything you do online and what you interact with is basically building blocks for your own spear phishing attack. 
Put these together and you are the prime target for a spear phishing scandal, which if clicked could be further sent to your colleagues which then becomes a snowball effect. Be careful, and don’t start the
snowball.

What is spear phishing and how to avoid it

Spear phishing – How to avoid and reduce the chances of being a victim

1- Be mindful – With all your details online now, your information can be sourced and used very easily. Don’t give away too much, and never post any personal details like address, phone number or bank details. Still enjoy it, post them funny photos, tell your friends you had the best day at the beach with your family, even tell everybody that you had a burrito for your lunch … but be careful. If you get an email about a “free burrito” from your favorite takeaway by the sea side, it’s probably not coincidence!
Be aware and stay vigilant.


2- Check the links – Spear phishing emails usually have links in them, asking you to click to change a password, verify details or sign up to something new and exclusive. But before you click, the best thing to do is to check the URL by hovering over the link. If it’s a phishing scam, you can bet the URL will be something completely irrelevant to the email and sometimes followed by a line of random numbers and digits.


3- Use Logic – Why would your work colleague want to know your bank details? Why would your boss send you a link to click a link to view your phone bill? They most likely wouldn’t, so if in doubt at all, contact that person directly and verify if they sent the email. And if you do get a phishing email, delete it immediately! Better safe than sorry.

What is spear phishing and how to avoid it

Have you ever received a spear phishing email? Think you could spot one? Let us know in the comments!

Other Articles on Cyber Security Awareness Training You Might Find Interesting

duckduckgo vs google EN

DuckDuckGo vs Google – 5 reasons why you should give up using Google!

You were not aware that DuckDuckGo is a search engine? Well, now you know. Since its founding in 2008, DuckDuckGo has made it its mission to develop a search engine that does not store or share personal data, quite unlike Google. Google’s business model is based less on data protection and more on personalised advertising. Without the storage of personal data, Google would virtually lose the air it breathes. However, Google is still the most used search engine, and there are reasons for that. Google does have one weakness, however, and that is data protection.
Read More »
dataprotection vs informationsecurity EN

Information Security vs Data Protection

Is this an issue for our ISO or our DPO, or is it much the same in either case? Who exactly is responsible for this incident, and is there a need to report it at all? In order to discuss the similarities and differences between information security and data protection, the first step is to define the two areas.
Read More »